This Massive Information Breach should be an Eye-Opener

July 12, 2019 | Data Breach, Privileged Identities

The National Aeronautics and Space Administration (NASA) must have been embarrassed to be in the news as the victim of a data breach. However, this “unexpected” incident has reminded the cyber world that no organization is foolproof against cyber-crime. It has also brought to the forefront the urgent need to shore up IT infrastructure with adequate safeguards, as the breach remained undetected for about 10 months.

How was NASA breached?

The hacker used a Raspberry Pi, a small credit-card-sized computer, to steal data from the Jet Propulsion Lab. This special research and development unit holds sensitive and confidential research records. The attacker, who is still undetected, stealthily gained access to the internal network and compromised about 500MB of data, including 23 files. These files consisted of International records of Arms and Traffic control system and sensitive records of Mars Science Laboratory research reports, information too lucrative for the malicious actor to resist.

Raspberry Pi was initially developed as an educational tool, a handy computer that helps users learn. However, cyber crooks misused it with malicious intent, and NASA was the victim. The hacker illegally gained entry to the “secured” network by creating a fake portal through which the confidential files of the Jet Propulsion Lab were accessed.

How could it have been prevented?

NASA, where data security mechanisms are supposed to be highly stringent, has received a big blow with this unprecedented breach. Forensic analysis later showed that there were no proper controls to monitor and detect unusual behavior around critical IT systems.

A robust access control mechanism in the Jet Propulsion Lab network could have averted this disaster. The major security loophole found was that NASA administrators were completely unaware that the Raspberry Pi had accessed the network. This happens only when the identity and access control mechanism, including the management of privileged accounts, the gateway to sensitive information, is weak.

Identifying risky privilege entitlements and identities is a must for securing sensitive data in today’s critical IT security scenario. When user access to IT infrastructure is unmonitored and uncontrolled, malicious insiders or third-party malefactors have ample scope to compromise the data. Hence, it is crucial to maintain proper role- and rule-based privileged access to the target systems.

Now, the question that arises is whether NASA is adopting relevant security measures to mitigate any further breaches. Today, due to the stringency of regulatory compliance acts (e.g. EU-GDPR, PCI-DSS, SWIFT CSCF, HIPAA), data security has become extremely crucial.

The bottom line

The investigation report recommends that NASA monitor its network infrastructure in real time and tighten up admin control policies, something which ARCON has been advocating.

Indeed, Privileged Access Management (PAM), in a nutshell, has become an indispensable tool to predict, protect against and prevent security risks in an enterprise network. In a shared and distributed environment, where thousands of privileged users, both insiders and outside partners/third parties, access privileged accounts multiple times for various reasons at any time, seamless monitoring of privileged activities is required to detect each and every suspicious activity. The NASA security breach should be a big eye-opener for global IT security pros.